Build your risk-based vulnerability program
Contact Us
Talk to an Expert
Request a demo

Kenna Privacy Policy

Privacy Policy

Revised May 28, 2020

This Privacy Policy describes how Kenna Security, Inc. (“Kenna,” “we” or “us”) collects, uses and discloses personal information received from users of our vulnerability intelligence and analysis service and from visitors to this website (“Website”) collected via this Website, email, SMS, telephone, WAP or other means.

By using or accessing the Website, submitting information to us or using any of our products or services, you are accepting the practices described in this Privacy Policy, and you are consenting to our processing of your personal information as set forth in this Privacy Policy.

Web Services Users and Website Visitors

Like most Web services operators, Kenna collects non-personal information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Kenna’s purpose in collecting such information is to better understand how Kenna’s users and visitors use its Website and services. From time to time, Kenna may release such information in the aggregate, e.g., by publishing a report on trends in the usage of its Website and services.

Kenna also collects Internet Protocol (IP) addresses. Kenna does not use such information to identify its visitors and does not disclose such information other than under the circumstances described below.

Collection and Use of Personal Information

Certain visitors to the Website and users of Kenna’s services choose to interact with Kenna in ways that require or allow Kenna to gather personal information. The amount and type of personal information that Kenna gathers depends on the nature of the interaction. For example, we ask users of Kenna applications to provide a username and email address. In each case, Kenna collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Kenna. Kenna does not disclose personal information other than as described below. Visitors and users can always decline to provide their personal information, with the caveat that it may prevent them from engaging in certain activities.

If you are a registered user of a Kenna service and have supplied your email address, Kenna may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Kenna and our products. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users.

Aggregated Statistics

Kenna may collect statistics about the behavior of visitors to its Website and users of its services. For instance, Kenna may collect and disclose aggregate data on how much vulnerability data an average customer collects, or what the most common vulnerability scores are across all customers. However, Kenna does not disclose personal information other than as described below.

Vulnerability Data

Kenna collects, aggregates, and stores vulnerability and audit data for its customers. Kenna will not disclose individual records other than in an aggregated and anonymized format as described above or for the purposes described below.

Disclosure of Personal Information

Kenna will disclose the personal information that we collect or you provide to Kenna only in the following circumstances:

  • To service providers that Kenna uses to support its business and that are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which Kenna discloses it to them. Further information regarding such third parties is provided below.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kenna’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Kenna is among the assets transferred.

To comply with any valid court order, law, or legal process, including to respond to any government or regulatory request.

  • If Kenna believes disclosure is necessary or appropriate to protect the rights, property, or safety of Kenna, Kenna’s customers, or others.

As noted above, Kenna may share personal information with certain service providers. Kenna is currently using the following service providers that have agreed to use personal information (to the extent disclosed) only for the purpose of providing services to Kenna:

Kenna will not rent or sell your personal information to anyone.

Security of Personal Information

Kenna has implemented technical and organizational measures, appropriate to the risk, to protect your personal information against accidental or unlawful destruction, loss or alteration and unauthorized disclosure or access. However, due to the inherent open nature of the Internet, we cannot ensure or warrant the security of any information provided online.

Retention of Personal Information

Kenna retains your personal information for as long as reasonably necessary for the purposes set out in this Privacy Policy. We also may retain your personal information for a longer period of time on the basis of our legitimate interests in providing or marketing our services to you or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your personal information, we may continue to retain and use information that has been aggregated or anonymized so that it can no longer be used for personal identification.


A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. As you browse the Website, cookies will be placed on your computer so that we understand user interests. Kenna uses cookies to help identify and track visitors, their usage of Kenna services, and their preferences. We do not employ such technologies to collect personal information such as name, email address, postal address or telephone number. Kenna visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using Kenna’s services, with the drawback that certain features of Kenna’s services may not function properly without the aid of cookies.

Do Not Track

Kenna does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.

Links to Other Web Websites

This Privacy Policy applies only to this Website and the Kenna services and not to any third-party websites. Kenna is not responsible for the privacy or security practices or the content of such websites.

Opt-Out Policy

If, at any time after providing your personal information to us, you change your mind about receiving information from us or about the use of information volunteered by you, you may opt out by sending us a request specifying your new choice. Please contact us at dpo@kennasecurity.com.

California Residents

California law grants additional privacy rights to California residents. In particular, the California Consumer Privacy Act (CCPA) requires businesses to disclose, for the past 12 months, (i) the categories of personal information collected, (ii) the sources of the collected personal information, (iii) the purposes for which the collected personal information is used, (iv) the categories of personal information disclosed for a business purpose, and (v) the categories of any personal information sold. Kenna provides these disclosures in the following table. Kenna has not sold personal information in the past 12 months.

Category Sources of Collection Purposes of Collection Disclosures for a Business Purpose
Identifiers Website visits and registration for a Kenna service To allow use of Kenna’s services and to enable Kenna to communicate with you To Kenna service providers for the purpose of providing Kenna’s services to you
Personal information categories listed in the California Customer Records statute Registration for a Kenna service To allow use of and payment for Kenna’s services To Kenna service providers to facilitate payment transactions
Internet or other similar network activity Your browsing and search history on the Kenna Website To improve the visitor experience on the Kenna Website, diagnose server problems and administer the Kenna Website To marketing specialist companies for the purpose of enhancing the Kenna Website and improving the effectiveness of our advertising

California residents also have the rights described below. We will not discriminate against any California resident who exercises these rights.

Right to access/know. You may request from us a list of (i) the personal information that we have collected about you, and (ii) the categories of third parties to whom we have disclosed your personal information. You have the right to up to two (2) access requests each twelve (12) months.

Right to delete your personal information. You may request, at any time, that we delete your personal information.

Residents of the State of California may exercise their data protection rights under the California Consumer Privacy Act (CCPA) by contacting us at:


or by phone at +1-855-474-7546

or by email at dpo@kennasecurity.com

To ensure the privacy and protection of individuals, we are required to verify your identity or otherwise authenticate your request(s). Please note that, under the CCPA, we are not required to grant a request to access/know or a request to delete with respect to personal information obtained from you in your role as an employee, owner, director, officer or contractor of a company and within the context of Kenna providing its services to such company.

EU and Swiss Privacy Shield

Kenna complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union and Switzerland to the United States. Kenna has certified to the Department of Commerce that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Kenna’s certification page, please visit http://www.privacyshield.gov.

Types of EU and Swiss Personal Data Collected. Our participation in the Privacy Shield applies to all personal information that is subject to this Privacy Policy and is received from the European Union and European Economic Area (“EU Personal Data”) and Switzerland (“Swiss Personal Data”). We will comply with the Privacy Shield Principles with respect to all EU and Swiss Personal Data.

Purposes of EU and Swiss Personal Data Collection and Use. We will only process EU and Swiss Personal Data in ways that are compatible with the purpose for which we collected the EU and Swiss Personal Data, or for purposes that the individual or entity providing the EU and Swiss Personal Data later authorizes. Before we use your EU and Swiss Personal Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. We maintain reasonable procedures to help ensure that EU and Swiss Personal Data is reliable for its intended use, accurate, complete, and current.

Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your EU and Swiss Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Access Rights. You may have the right to access the EU and Swiss Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EU and Swiss Personal Data, you can submit a written request to us at dpo@kennasecurity.com. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information. We will provide an individual with an opt-out choice before we sharing an individual’s personal data with third parties other than our agents, or before we use it for a purpose other than that for which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, you may submit a written request to dpo@kennasecurity.com.

Data Transfers to Third Parties. Our accountability for EU and Swiss Personal Data that we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process EU and Swiss Personal Data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

Questions or Complaints. In compliance with the Privacy Shield Principles, we have committed to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact Kenna at dpo@kennasecurity.com.

Kenna has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism administered by the Council of Better Business Bureaus (“BBB”). If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, you may visit the BBB’s EU Privacy Shield website at https://www.bbb.org/EU-privacy-shield for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Kenna is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Additional European Union Privacy Rights

If you are located in the European Union, you have certain additional rights with respect to your personal information under the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), including the following:

  • The right of access to your personal information.
  • The right to rectify your personal information if it is incorrect or incomplete.
  • The right to have your personal information erased (“right to be forgotten”) if certain grounds are met.
  • The right to withdraw your consent to our processing of your personal information at any time (if our processing is based on consent).
  • The right to object to our processing of your personal information (if processing is based on legitimate interests).
  • The right to object to our processing of your personal information for direct marketing purposes.
  • The right to receive your personal information from us in a structured, commonly used and machine-readable format, and the right to transmit your personal information to another controller without hindrance from us (data portability).

You may contact us at dpo@kennasecurity.com to exercise any of the above rights. We may request specific information from you to confirm your identity, and in some circumstances, we may charge a reasonable fee for access to your personal information. Furthermore, if you believe that our processing of your personal information is inconsistent with your data protection rights under the GDPR and we have not adequately addressed your concerns, you have the right to lodge a complaint with the data protection supervisory authority of your country.

Updates to this Privacy Policy

This Privacy Policy may be updated from time to time for any reason, at our sole discretion. We will notify you of any material changes to our Privacy Policy by posting the new Privacy Policy on this Website. You are advised to consult this Privacy Policy regularly for any changes to this Privacy Policy. Your continued use of this Website or our services after any change in this Privacy Policy will constitute your acceptance of such change.

Kenna Security, Inc. (“Kenna”, “we” or “us”) provides this Privacy Policy to inform users of our policies and procedures regarding the collection, use and disclosure of personally identifiable information received from users of our vulnerability intelligence and analysis service and this website (the “Website”) collected via the Website, email, SMS, telephone, WAP or other means. This Privacy Policy may be updated from time to time for any reason, at our sole discretion. We will notify you of any material changes to our Privacy Policy by posting the new Privacy Policy on our Website. You are advised to consult this Privacy Policy regularly for any changes. By using or accessing the Website, you are accepting the practices described in this Privacy Policy, and you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us.

If you have any questions or comments about this Privacy Policy or our use of your personally identifiable information, please contact us at dpo@kennasecurity.com.


© 2021 Kenna Security. All Rights Reserved. Privacy Policy.